RSS   Vulnerabilities for
'Big-ip access policy manager client'
   RSS

2018-12-06
 
CVE-2018-15332

CWE-362
 

 
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

 
2018-10-19
 
CVE-2018-15316

CWE-254
 

 
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.

 
2018-08-17
 
CVE-2018-5547

CWE-284
 

 
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges

 
 
CVE-2018-5546

CWE-264
 

 
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.

 

 >>> Vendor: F5 55 Products
Big-ip
Icontrol service manager
Firepass 4100
Firepass 1000
Firepass
Firepass ssl vpn
Firepass 1200
Big-ip application security manager
Big-ip protocol security manager
Big-ip local traffic manager
Big-ip global traffic manager
Enterprise manager
Application security manager appliance
Big-ip access policy manager
Big-ip edge gateway
Big-ip link controller
Big-ip protocol security module
Big-ip wan optimization manager
Big-ip webaccelerator
Big-ip configuration utility
Big-ip analytics
Big-iq
Big-ip advanced firewall manager
Big-ip application acceleration manager
Big-ip policy enforcement manager
Arx data manager
ARX
Big-iq cloud
Big-iq device
Big-iq security
Linerate
Big-ip policy enforcement manager11.5.1
Big-iq adc
Big-ip enterprise manager
Big-ip domain name system
Big-ip global traffic manager11.2.0
Big-iq application delivery controller
Big-iq centralized management
Big-iq cloud and orchestration
Big-ip websafe
F5 iworkflow
Ssl intercept iapp
Ssl orchestrator
Big-ip aam
Big-ip afm
Big-ip apm
Big-ip asm
Big-ip ltm
Big-ip pem
Websafe
Big-ip dns
Big-ip fraud protection service
Traffix systems signaling delivery controller
Big-ip access policy manager client
TMOS


Copyright 2019, cxsecurity.com

 

Back to Top